Encryption/Decryption
These two endpoint implements the encryption and decryption of short data message using the AES scheme.
Last updated
These two endpoint implements the encryption and decryption of short data message using the AES scheme.
Last updated
Allowed
keymgmt:use:<KID>
where <KID> is a Key ID as 32 chars hexadecimal string
POST https://my.ence.do/api/crypto/cipher/encrypt
Encrypt a short data message and return ciphertext.
| Name | Type | Description |
|---|---|---|
The key type pointed by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, indirect ECDH will be failed.
alg valuesPOST https://my.ence.do/api/crypto/cipher/decrypt
Decrypt a short data message and return plaintext.
The key type pointed by ext_kid or represented by pubkey MUST be the same as the kid key type. Otherwise, indirect ECDH will be failed.
alg valuesCheck the list here.
| Name | Type | Description |
|---|---|---|
| Value | Description |
|---|---|
| Name | Type | Description |
|---|---|---|
| Event | Result | Source |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Event | Result | Source |
|---|---|---|
Authorization*
String
Bearer JWT_TOKEN
Content-Type*
String
application/json
alg*
String
Algorithm to use (e.g. AES256-GCM)
ext_kid
String
External Key ID, 32 chars hex string
kid*
String
Key ID, 32 chars hex string
msg
String
Plaintex to encrypt
pubkey
String
Base64 encoded external public key
ctx
String
Additional context data (HKDF argument)
aad
String
Optional AAD data for AES-GSM only
AES128-ECB
Regard to NIST SP 800-38A
AES128-CBC
Regard to NIST SP 800-38A
AES128-GCM
Regard to NIST SP 800-38D
AES192-ECB
Regard to NIST SP 800-38A
AES192-CBC
Regard to NIST SP 800-38A
AES192-GCM
Regard to NIST SP 800-38D
AES256-ECB
Regard to NIST SP 800-38A
AES256-CBC
Regard to NIST SP 800-38A
AES256-GCM
Regard to NIST SP 800-38D
ciphertext
String
Base64 encoded ciphertext
iv
String
Base64 IV generated by the process
tag
String
Optional TAG in base64 (for AES-GCM only)
LOG_TYPE_FAILED_SCOPE_CHECK
LOG_RESULT_FAILED
403
LOG_TYPE_CRYPTO_ENCRYPT
LOG_RESULT_ERROR
400
LOG_TYPE_CRYPTO_ENCRYPT
LOG_RESULT_FAILED
406
LOG_TYPE_CRYPTO_ENCRYPT
LOG_RESULT_OK
200
Authorization*
String
Bearer JWT_TOKEN
Content-Type*
String
application/json
alg
String
Algorithm to use (e.g. AES256-GCM)
ext_kid
String
External Key ID, 32 chars hex string
kid*
String
Key ID, 32 chars hex string
msg
String
Ciphertext to decrypt
pubkey
String
Base64 encoded external public key
ctx
String
Additional context data (HKDF argument)
iv
String
Ciphertext IV
tag
String
TAG value if AES-GCM used
aad
String
Optional AAD data for AES-GSM only
plaintext
String
Base64 decrypted plaintext
LOG_TYPE_FAILED_SCOPE_CHECK
LOG_RESULT_FAILED
403
LOG_TYPE_CRYPTO_DECRYPT
LOG_RESULT_ERROR
400
LOG_TYPE_CRYPTO_DECRYPT
LOG_RESULT_FAILED
406
LOG_TYPE_CRYPTO_DECRYPT
LOG_RESULT_OK
200